Why is Cyber Security So Expensive?

Friday 17 July 2020, 1:07PM
By Sarah Glover

Cybersecurity firm CANDA says that security is expensive—but it doesn’t have to be. CANDA’s team of security professionals have all been involved in the ICT security industry for more than twenty years. They have seen growth and maturity, and also some abject failures in various organisations’ approaches to cybersecurity.  

So what drives cost? Immaturity.

A mature organisation recognises a need. It then develops an approach to meeting that need which ensures that security requirements are factored into planning, design, implementation, and the operational aspects of ICT systems.  

A mature approach factors in regulatory, privacy, or other legislative or security standards requirements for security or compliance outcomes. Planning an enterprise strategy around security can allow for the delivery of requirements in an optimised way which reduces the overall cost.

Some of the current behaviours which drive a false economy with regard to security are:

  • Funding models which take no account of operational costs.
  • A lack of a centralised assurance function collecting re-usable security artefacts for the entire organisation.
  • Using PMO models which fund security certification for each project rather than an approach which certifies central security services.
  • The tendency to decentralise rather than take a strategic approach where economies of scale can reduce costs.  
  • The appointment of unskilled or inexperienced staff in key security roles to ‘check that box’. This can lead to costly security failures, as some NZ companies and government agencies can well attest to.

CANDA ICT security experts provide comprehensive security consultancy services, addressing concerns on a range of issues and providing solutions for agencies looking to gain security assurance over their systems. This includes, but is not limited to, C&A processes, policy, security architecture, management and strategy, governance and assurance, risk management and operational security. 

CANDA’s security team can assist with design, configuration assurance, and C&A and governance concerns when implementing cloud technology. Their experience in application security testing, secure code development, agile deployment, and numerous DevOps technologies makes them the go-to team for internal-app quality assurance.

Recently, CANDA security experts have been engaged by the Ministry of Justice, Department of Internal Affairs, Inland Revenue Department, NZ Police, the Department of Education, and other agencies. The team at CANDA bring their experience working in large-scale environments to each security and risk project, helping to design and implement security certification & accreditation processes for various organisations. 

CANDA is based in Wellington, New Zealand with an expert team ready to resolve your information security concerns and help your business to navigate the complexity of the certification & accreditation processes. If you’re interested in learning more about CANDA and the ICT security services they provide, call 04 2138735 or visit today.